CVE-2024-32939
EUVD-2024-249822.08.2024, 07:15
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2, when shared channels are enabled, fail to redact remote users' original email addresses stored in user props when email addresses are otherwise configured not to be visible in the local server."Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mattermost | mattermost | 9.5.0 ≤ 𝑥 < 9.5.8 |
| mattermost | mattermost | 9.8.0 ≤ 𝑥 < 9.8.3 |
| mattermost | mattermost | 9.9.0 ≤ 𝑥 < 9.9.2 |
| mattermost | mattermost | 9.10.0 ≤ 𝑥 < 9.10.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-284 - Improper Access ControlThe software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
- CWE-312 - Cleartext Storage of Sensitive InformationThe product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
References